Opinion: privacy concerns on My Health Record need to be addressed

My Health Record is a system which people may or may not choose to use, but the fear is that it could be used against them, argues Deakin University researcher Joshua Badge.

The Australian Digital Health Agency, the bureau responsible for My Health Record, maintains that law enforcement agencies can only gain access to the e-health system with a warrant, subpoena or court order. Health Minister Greg Hunt has backed this assertion but several sources have disputed the claim.

They took out: the conclusion My Health Record significantly reduces the threshold for access; the conclusion that cops can get it without a warrant; the bit where they said Greg Hunt’s statements “seem at odds” with the legislation. #auspol#MyHealthRecord

Section 70 of the My Health Records Act authorises the Agency to disclose health information in a broad variety of non-medical contexts. Provisions include such things as the “detection of improper conduct” and the “protection of public revenue”. According to the wording of the legislation, it is reasonable to assume that Centrelink and the Australian Tax Office will have access to the system as well. This presents a number of concerns.

Invasive policing fears

For example, it is unclear that the legislation would prevent Centrelink from using sensitive health information to make welfare eligibility determinations. Section 70 implies that Centrelink would be permitted to access health records to attempt to detect fraud or otherwise protect public revenue. Such access could lead to invasive policing of people on the Disability Support Pension, or the Sickness and Mobility Allowances.

Some critics have also floated the possibility that health data could be linked to a robo-debt system. The robo-debt system was a computer program which compared data collected by Centrelink with information held by the Australian Tax Office. A similar arrangement could compare health information to verify eligibility for various illness or unemployment payments.

There is also the regular suggestion that welfare recipients should be drug tested. While this is a punitive and expensive suggestion, direct access to health data would provide a cheap and efficient alternative for advocates of such a policy.

It is similarly unclear that Section 70 would prohibit the Department of Home Affairs from utilising confidential health information to make visa or citizenship determinations. Additionally, health information could plausibly be used to trace unauthorised migrants. This is a serious concern given that, until recently, the UK’s Home Office was using National Health Service records to track immigrants.

The framework developed to manage the secondary use of My Health Record data sensibly prohibits the use of health data to assess eligibility for benefits or investigation. Confusingly, however, the framework document explains that it is superseded by legislation and “does not apply to uses described in the MHR Act”. While the ADHA may currently have an operating policy to not disclose medical information in these contexts, this policy is not supported by legislation and is subject to change without notice.

A framework which is superseded by Section 70 and an operating policy unsupported by any rule or regulation may fail to assuage public anxiety. Concerns about which Government agencies will have access to the My Health Record system are reasonable. For instance, more than 60 federal, state and local agencies applied for warrantless access to citizens’ metadata, and personal health data is equally valuable.

With this in mind, it is interesting to note that the Department of the Prime Minister and Cabinet announced a consultation on a new Data Sharing and Release Bill earlier this month. The purpose of the bill is to permit government agencies to share data with other government agencies. Indeed, the bill encompasses “all data collected by Commonwealth entities for any purpose” and seeks to “move the paradigm from one which restricts access to data to one which authorises sharing”.

Secondary use of data

Additionally, there are nuanced difficulties concerning the secondary use of data. According to the secondary use framework, My Health Record data cannot be used “solely for commercial purposes” but this does not affect affiliated services and apps. For example, appointment booking app HealthEngine disclosed hundreds of users’ health information to law firm Slater and Gordon for the purpose of obtaining new clients.

While HealthEngine is not permitted to directly access data held in the My Health Record system as a part of its data-sharing arrangement, it asked users to include whether their injury was workplace related as a part of the booking process. Even a savvy user is liable to become confused regarding how entities are entitled to use health information in such complex cases.

“How many people have the time or patience to micromanage the privacy settings for dozens to hundreds of medical documents?”

There are also legitimate questions about the ability of consumers to manage their My Health Record. Firstly, a person will need the requisite IT skills to change, for example, the default privacy setting which allows for general access. Secondly, an individual will need to be knowledgeable enough about the nature of the prescriptions, test results and discharge summaries to decide what they want available on the record.

Thirdly, privacy controls pose a challenge for people who have chronic conditions or who are generally time poor. How many people have the time or patience to micromanage the privacy settings for dozens to hundreds of medical documents? Of course, there are undeniable health benefits to be gained from an e-health system, so long as the system is correctly implemented and includes adequate safeguards.

However, the sharing of health information between departments and agencies appears unrelated to health outcomes. Further, ambiguity surrounding the legal threshold for the release of medical information increases the risk of unnecessary or unwanted disclosure of private information. This places some groups, such as people living with HIV and sex workers, at higher risk of prosecution.

The government should maintain the integrity of the principle that health information should be utilised for health purposes. It is essential to change the legislation to protect the information stored within the My Health Record system to at least the same degree as records held by doctors. Ultimately, My Health Record is a system which people may or may not choose to use, but the fear is that it could be used against them.